Abstract: We explore the use of distributed processing to enhance the performance of 
explicit state enumeration based safety model-checking. State enumeration based 
model-checkers employ a hash-table to cut off search when a state is revisited. 
Distributed model-checkers distribute this table across the processing nodes, employing 
inter-node messages to perform state lookups. This approach incurs the following 
penalties: hashing states, looking up hash-tables, and possibly exchanging messages. 
We study how to avoid these penalties in the context of safety model-checking, 
assuming that completeness can be sacrificed (acceptable for quick error detection). 
We employ the basic strategy of distributed random walk - a process of multiple 
processors randomly, and in an uncoordinated fashion, moving through the state-space 
looking for safety violations, without recording visited states. This process has the 
potential of maximizing CPU utilization and consequently greatly increasing the rate of 
state generation, as the pressure on the memory system as well as communication 
network is minimal. Moreover, the probability that a random-walk repeats the same 
sequence of moves can decrease exponentially with the length of the sequence; thus, 
the work wasted by occasionally repeating short sequences of searches may be more 
than offset by the increased state generation rate. Our choices are ideal for distributed 
systems that have low amounts of memory per node, and are interconnected by low 
bandwidth networks. We also explore techniques that backoff slightly from our extremal 
choices, by exploring heuristic combinations of breadth-first search (BFS) and random- 
walk (RW) that require a modest amount of hash-table lookup and message 
exchanges. These search methods are natural to combine, since BFS requires higher 
amounts of memory to maintain queues, but guarantees to find the shortest path to a 
state, while RW has the opposite characteristics. We first study these heuristic methods 
on synthetic benchmarks to gain sharper (more quantifiable) insights. We then conduct 
studies on some realistic examples as well. We employ up to 10 single-processor CPUs 
that happen to be connected via 100BASE-T Ethernets. Our code was easily ported to 
other platforms, thanks to our use of the popular MPI distributed programming library. ( 

Abstract: This paper shows an improvement of square hash function family proposed 

collision probability is slightly larger. Most of the main techniques used to optimize the 
original square hash functions work on our variants as well. The proposed algorithms 

Abstract: Distributed hash tables (DHTs), used in a number of current peer-to-peer 
systems, provide efficient mechanisms for resource location. Systems such as Chord, 
Pastry, CAN, and Tapestry provide strong guarantees that queries in the overlay 
network can be resolved in a bounded number of overlay hops, while preserving load 
balance among the peers. A key distinction in these systems is the way they handle 
locality in the underlying network. Topology-based node identifier assignment, proximity 
routing, and proximity neighbor selection are examples of heuristics used to minimize 
message delays in the underlying network. We investigate the use of source IP 
addresses to enhance locality in overlay networks based on DHTs. We first show that a 
naive use of source IP address potentially leads to severe resource imbalance due to 
nonuniformity of peers over the IP space. We then present an effective caching scheme 
that combines a segment of the source IP with the queried hash-code to localize access 
and affect replication effectively. Using detailed experiments, we show that this scheme 
achieves performance gains of up to 41%, when compared to Pastry in combination 
with the proximity neighbor selection heuristic. ( 24 refs.) 

Abstract: The computational resiliency library (CRLib) provides distributed systems 
with the ability to sustain operation and dynamically restore the level of assurance in 
system function during attacks or failures. In the presence of arbitrary faults, replicated 
threads need to agree on the values received in order to achieve consistency, when 
doing group communication in CRLib. To guarantee data integrity and increase 
reliability, we have implemented a variant of the Lamport-Shostak-Pease oral message 
algorithm for the Byzantine Generals problem, which provides fuzzy agreement as well 
as a reduction of the expected communication overhead. Instead of agreeing on the 
original messages, which could be extremely large, agreement is performed over the 
160-bit hashes of normalized messages computed using SHA-1. Performance 
measurements of applications using CRLib supporting both fail-stop and arbitrary 
failure models indicate that a reasonable overhead in execution time is worth paying in 
cases when Byzantine failures are expected. ( 18 refs.) 

finite fields. This is much harder than factorization of integers or calculating discrete 
logarithms in F_q. Another important aspect is the form of the private and public keys: 
the private keys are ordinary integers and the public keys are points on an elliptic 
curve. Elliptic curve systems are very good for applications with 
smart cards and in distributed systems, where computational power and integrated 
circuit space are limited, because computations are easily performed and bandwidth 
requirements are minimal. The paper presents an elliptic curve authenticated encryption 
scheme using a universal hash function (UHF). The UHF can take an input octet string 
message M of arbitrary length. The output of the UHF is an octet string H of 64 bits fixed 
length. For computing in finite extensions over finite rings we have used the ZEN-new 
toolbox, where there are some computing routines implementing the group law defined 
for an elliptic curve. ( 13 refs.) 

Abstract: HMAC is the Internet standard for message authentication. What 
distinguishes HMAC from other MAC algorithms is that it provides proofs of security 
assuming that the underlying cryptographic hash (e.g. SHA-1) has some reasonable 
properties. HMAC is efficient for long messages; for short messages, however, the 
nested construction results in a significant inefficiency. For example, to MAC a 
message shorter than a block, HMAC requires at least two calls to the compression 
function rather than one. This inefficiency may be particularly high for some 
applications, like message authentication of signaling messages, where the individual 
messages may all fit within one or two blocks. Also for TCP/IP traffic it is well known 
that a large number of packets (e.g. acknowledgement) have sizes around 40 bytes 
which fit within a block of most cryptographic hashes. We propose an enhancement that 
allows both short and long messages to be message authenticated more efficiently than 
HMAC while also providing proofs of security. In particular, for a message smaller than 
a block our MAC only requires one call to the compression function. ( 9 refs.) 
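As an added illustration of the overhead the abstract describes (this code is not from the paper), here is HMAC-SHA1 built from hashlib exactly as RFC 2104 specifies, beside a function that counts the SHA-1 compression-function calls the nested construction spends. The counting function and its assumption that the two key blocks can be compressed once and cached are this example's own.

```python
# Added example (not from the paper): HMAC-SHA1 per RFC 2104 on top of hashlib, plus a
# count of SHA-1 compression-function calls that shows the short-message overhead.
# Block and digest sizes are SHA-1's; the call accounting is this example's assumption.
import hashlib
import hmac

BLOCK = 64    # SHA-1 block size in bytes
DIGEST = 20   # SHA-1 output size in bytes


def sha1_compression_calls(n_bytes: int) -> int:
    """Number of 64-byte blocks SHA-1 compresses for an n-byte input
    (input + 0x80 + zero padding + 8-byte length, rounded up to the block size)."""
    return (n_bytes + 1 + 8 + BLOCK - 1) // BLOCK


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC(K, M) = H((K xor opad) || H((K xor ipad) || M)): the nested construction."""
    if len(key) > BLOCK:
        key = hashlib.sha1(key).digest()      # long keys are hashed first
    key = key.ljust(BLOCK, b"\x00")           # then zero-padded to one block
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.sha1(bytes(b ^ 0x5C for b in key) + inner).digest()


def hmac_compression_calls(msg_len: int, precomputed_key_blocks: bool = True) -> int:
    """Compression calls HMAC-SHA1 spends on a message of msg_len bytes.
    The inner hash sees a full key block before the message; the outer hash sees a key
    block plus the 20-byte inner digest. If the two key blocks are compressed once and the
    chaining states cached (assumed here), one call per hash is saved, which still leaves a
    minimum of two calls even for a message that fits in a single block."""
    inner = sha1_compression_calls(BLOCK + msg_len)
    outer = sha1_compression_calls(BLOCK + DIGEST)
    if precomputed_key_blocks:
        inner -= 1
        outer -= 1
    return inner + outer


if __name__ == "__main__":
    # A 40-byte packet: one compression call for a plain SHA-1, two for HMAC with cached
    # key states, four without caching.
    print(sha1_compression_calls(40), hmac_compression_calls(40),
          hmac_compression_calls(40, precomputed_key_blocks=False))
```

For a message of 55 bytes or fewer a bare SHA-1 needs one compression call; HMAC with cached key states needs two, and an implementation that does not cache them needs four, which is the gap the abstract's single-call MAC closes.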

authentication. This paper presents performance analysis and comparisons between 

considered are processing power and input size. The analysis results revealed that 

Abstract: The probabilistic signature scheme (PSS) designed by Bellare and 
Rogaway (1993, 1996) is a signature scheme provably secure against chosen message 
attacks in the random oracle model, whose security can be tightly related to the security 
of RSA. We derive a new security proof for PSS in which a much shorter random salt is 
used to achieve the same security level, namely we show that log2(qSig) bits suffice, 
where qSig is the number of signature queries made by the attacker. When PSS is used 
with message recovery, a better bandwidth is obtained because longer messages can 
now be recovered. We also introduce a new technique for proving that the security proof 
of a signature scheme is optimal. In particular, we show that the size of the random salt 
that we have obtained for PSS is optimal: if fewer than log2(qSig) bits are used, then PSS is 
still provably secure but it cannot have a tight security proof. Our technique applies to 
other signature schemes such as the full domain hash scheme and the Gennaro-Halevi-Rabin 
scheme (see Eurocrypt '99, LNCS vol.1592, p.123-39, 1999), whose security 
proofs are shown to be optimal. ( 20 refs.) 

Abstract: We propose a dynamic text compression technique with a back searching 
algorithm and a new storage protocol. Codes being encoded are divided into three 
types namely copy, literal and hybrid codes. Multiple dictionaries are adopted and each 
of them has a linked sub-dictionary. Each dictionary has a portion of pre-defined words 
i.e. the most frequent words, and the rest of the entries depend on the message. A 
hashing function developed by Pearson (1990) is adopted. It serves two purposes. 
Firstly, it is used to initialize the dictionary. Secondly, it is used for quick lookup of a 
particular word. By using this scheme, the spaces between words do not need to be 
considered. At the decoding side, a space character will be appended after each word is 
decoded. Therefore, the redundancy of space can also be compressed. The result 
shows that the original message will not be expanded even if we have poor dictionary 
design. ( 8 refs.) 

Abstract: Message authentication codes (MACs) using polynomial evaluation have 
the advantage of requiring a very short key, even for very large messages. We describe 
a low-complexity software polynomial evaluation procedure that, for large message 
sizes, gives a MAC that has about the same low software complexity as for bucket 
hashing but requires only small keys and has better security characteristics. ( 21 refs.) 

Abstract: Describes MMH (multilinear modular hashing), a construction of almost 
universal hash functions that is suitable for very fast software implementation and is 
applicable to the hashing of variable-size data and fast cryptographic message 
authentication. Our construction uses fast single-precision arithmetic (which is 
increasingly supported by modern processors due to the growing needs for fast 
arithmetic posed by multimedia applications). We report on hand-optimized assembly 
implementations on a 150-MHz PowerPC 604 and a 150-MHz Pentium-Pro, which 
achieve hashing speeds of 350 to 820 Mbit/s, depending on the desired level of security 
(or collision probability), and a rate of more than 1 Gbit/s on a 200 MHz Pentium-Pro. 
This represents a significant speed-up over current software implementations of 
universal hashing and other message authentication techniques (e.g. MD5-based). 
Moreover, our construction is specifically designed to take advantage of emerging 
microprocessor technologies (such as Intel's MMX, 64-bit architectures and others), and 
is best suited to accommodate the growing performance needs of cryptographic (and 
other universal hashing) applications. The construction is based on techniques due to 
Carter and Wegman (1979) for universal hashing using modular multilinear functions 
that we have carefully modified to allow for fast software implementation. We prove that 
the resultant construction retains the necessary mathematical properties required for its 
use in hashing and message authentication. ( 19 refs.) 
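An added example, not the MMH authors' implementation: the Carter-Wegman multilinear modular hash that MMH builds on, computed as an inner product of message and key words modulo a prime, with a Wegman-Carter style masked tag and a brute-force check of the 1/p collision bound on a toy prime. The 32-bit word size and the prime 2^32 + 15 are this example's assumed parameters; MMH's own reduction tricks and output truncation are not reproduced.

```python
# Added example (not from the MMH paper): the multilinear modular hash
# h_k(m) = sum_i m_i * k_i (mod p) due to Carter and Wegman, which MMH is built on.
# Parameters below (32-bit words, p = 2^32 + 15) are this example's assumptions.
import os
import struct
from itertools import product

WORD_BITS = 32
P32 = (1 << WORD_BITS) + 15   # assumed: the prime just above 2^32 (4294967311)


def to_words(data: bytes, n: int) -> list:
    """Split data into n little-endian 32-bit words, zero-padding the tail.
    The hash is for fixed-length input; length must be handled outside it."""
    padded = data.ljust(4 * n, b"\x00")[: 4 * n]
    return list(struct.unpack("<%dI" % n, padded))


def keygen(n: int, p: int = P32) -> list:
    """Uniformly random key in Z_p^n: one key word per message word is the price of
    the universal (information-theoretic) collision bound."""
    return [int.from_bytes(os.urandom(8), "little") % p for _ in range(n)]


def mmh(key: list, msg: list, p: int = P32) -> int:
    """Multilinear modular hash: inner product of message and key words modulo p."""
    if len(key) != len(msg):
        raise ValueError("key and message must have the same number of words")
    return sum(m * k for m, k in zip(msg, key)) % p


def wc_mac(key: list, pad: int, msg: list, p: int = P32) -> int:
    """Wegman-Carter style tag: the universal hash masked by a one-time value in Z_p,
    so that a fixed hash key can authenticate many messages."""
    return (mmh(key, msg, p) + pad) % p


def exact_collision_count(a: list, b: list, p: int) -> tuple:
    """Count keys in Z_p^n with h_k(a) == h_k(b) by brute force (tiny p only).
    For a != b the condition sum (a_i - b_i) k_i == 0 (mod p) is one nontrivial linear
    equation in k, so exactly p^(n-1) of the p^n keys collide: probability 1/p."""
    n = len(a)
    hits = sum(1 for key in product(range(p), repeat=n)
               if mmh(key, a, p) == mmh(key, b, p))
    return hits, p ** n


if __name__ == "__main__":
    # Constructed sample: two distinct 2-word messages over the toy prime 7.
    print(exact_collision_count([1, 2], [3, 5], 7))   # 7 colliding keys out of 49
    k = keygen(4)
    print(mmh(k, to_words(b"constructed sample", 4)))
```

The brute-force count is what makes the bound concrete: for any two distinct messages the fraction of keys that collide is exactly 1/p, independent of the messages, which is the property the abstract says the construction must retain to be usable for message authentication.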

Abstract: We present a scalable distributed data structure called LH*. LH* generalizes 
Linear Hashing (LH) to distributed RAM and disk files. An LH* file can be created from 
records with primary keys, or objects with OIDs, provided by any number of distributed 
and autonomous clients. It does not require a central directory, and grows gracefully, 
through splits of one bucket at a time, to virtually any number of servers. The number of 
messages per random insertion is one in general, and three in the worst case, 
regardless of the file size. The number of messages per key search is two in general, 
and four in the worst case. The file supports parallel operations, e.g., hash joins and 
scans. Performing a parallel operation on a file of M buckets costs at most 2M+1 
messages, and between 1 and O(log2 M) rounds of messages. We first describe the 
basic LH* scheme where a coordinator site manages bucket splits, and splits a bucket 
every time a collision occurs. We show that the average load factor of an LH* file is 65- 
70% regardless of file size, and bucket capacity. We then enhance the scheme with 
load control, performed at no additional message cost. We next define LH* schemes 
without a coordinator. We show that insert and search costs are the same as for the 
basic scheme. Next, we briefly describe two variants of splitting policy, using parallel 
splits and presplitting that should enhance performance for high-performance 
applications. ( 29 refs.) 
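An added, single-process model of the LH* addressing described above (not the LH* authors' code): buckets stand in for servers, the coordinator state (i, n) drives splits of one bucket at a time, and a client keeps a possibly stale image (i', n') of that state. The server-side forwarding rule is the LH* address check as I recall it from the LH* paper; the image adjustment message a server sends back is not modelled, and the message counts returned are this example's accounting (request, forwards, reply).

```python
# Added example (not the LH* authors' code): linear hashing spread over "servers"
# (buckets), with a client whose image (i', n') of the file state may be stale.
# The forwarding rule is the LH* server address check as recalled from the paper;
# image adjustment messages are not modelled.

class LHStarFile:
    def __init__(self, n0=1, capacity=4):
        self.n0 = n0                # initial number of buckets N
        self.capacity = capacity    # bucket capacity b
        self.i, self.n = 0, 0       # file level and split pointer (coordinator state)
        self.buckets = [[] for _ in range(n0)]

    def h(self, key, level):
        """Linear-hashing family h_level(key) = key mod (N * 2^level)."""
        return key % (self.n0 << level)

    def level(self, a):
        """Level of bucket a: i+1 if split this round or created by a split, else i."""
        return self.i + 1 if (a < self.n or a >= (self.n0 << self.i)) else self.i

    def true_address(self, key):
        """Address with an up-to-date image: h_i, or h_{i+1} if that bucket was split."""
        a = self.h(key, self.i)
        return a if a >= self.n else self.h(key, self.i + 1)

    def server_check(self, a, key):
        """Server a recomputes the address with its own level; returns the bucket to
        forward to, or a itself if the key belongs here."""
        j = self.level(a)
        a1 = self.h(key, j)
        if a1 == a:
            return a
        if j == 0:
            return a1
        a2 = self.h(key, j - 1)
        return a2 if a < a2 < a1 else a1

    def route(self, a, key):
        """Follow forwards from the bucket the client chose; returns (owner, forwards)."""
        hops = 0
        while True:
            nxt = self.server_check(a, key)
            if nxt == a:
                return a, hops
            a, hops = nxt, hops + 1

    def insert(self, a_client, key):
        owner, hops = self.route(a_client, key)
        self.buckets[owner].append(key)
        if len(self.buckets[owner]) > self.capacity:
            self.split()        # basic scheme: a collision triggers one split of bucket n
        return hops

    def split(self):
        """Split bucket n into n and n + N*2^i using h_{i+1}; advance the pointer."""
        old, new_addr = self.buckets[self.n], self.n + (self.n0 << self.i)
        self.buckets.append([])
        self.buckets[self.n] = [k for k in old if self.h(k, self.i + 1) == self.n]
        self.buckets[new_addr] = [k for k in old if self.h(k, self.i + 1) != self.n]
        self.n += 1
        if self.n == (self.n0 << self.i):   # every bucket split once: next round
            self.n, self.i = 0, self.i + 1


class LHStarClient:
    def __init__(self, file, i=0, n=0):
        self.file, self.i, self.n = file, i, n   # image (i', n'), possibly stale

    def address(self, key):
        a = self.file.h(key, self.i)
        return a if a >= self.n else self.file.h(key, self.i + 1)

    def insert(self, key):
        """Messages spent: the request plus any forwards (no reply in the basic scheme)."""
        return 1 + self.file.insert(self.address(key), key)

    def search(self, key):
        """Returns (found, messages): request, forwards, and the reply."""
        owner, hops = self.file.route(self.address(key), key)
        return key in self.file.buckets[owner], 2 + hops


if __name__ == "__main__":
    f = LHStarFile(n0=1, capacity=2)
    client = LHStarClient(f)             # never learns about splits: always stale
    for key in range(40):                # constructed sample keys
        client.insert(key)
    print(f.i, f.n, len(f.buckets), max(client.search(k)[1] for k in range(40)))
```

The stale client in the usage block never updates its image, yet every search still resolves with at most two forwards, which is where the abstract's "two messages in general, four in the worst case" bound for key search comes from.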

Hash functions are among the most widespread cryptographic primitives, 
and are currently used in multiple cryptographic schemes and security 
protocols such as IPSec and SSL. In this paper, we compare and contrast 
hardware implementations of the newly proposed draft hash standard SHA-512, 
and the old standard, SHA-1. In our implementation based on Xilinx Virtex 
FPGAs, the throughput of SHA-512 is equal to 670 Mbit/s, compared to 530 
Mbit/s for SHA-1. Our analysis shows that the newly proposed hash standard 
is not only orders of magnitude more secure, but also significantly faster 
than the old standard. The basic iterative architectures of both hash 
functions are faster than the basic iterative architectures of 
symmetric-key ciphers with equivalent security. 

Abstract: We present a cryptographic architecture optimization technique called 
divide-and-concatenate based on two observations: (i) the area of a multiplier and associated data 
path decreases quadratically and their speeds increase gradually as their operand size 
is reduced, (ii) in hash functions, message authentication codes and related 
cryptographic algorithms, two functions are equivalent if they have the same collision 
probability property. In the proposed approach we divide a 2w-bit data path into two 
w-bit data paths and concatenate their results to construct an equivalent 2w-bit data path. 
We applied this technique on NH hash. When compared to the 100% overhead 
associated with duplicating a straightforward 32-bit pipelined NH hash data path, the 
divide-and-concatenate approach yields a 94% increase in throughput with only 40% 
hardware overhead. The NH hash associated message authentication code UMAC 
architecture with collision probability 2^-32 that uses four equivalent 8-bit 
divide-and-concatenate NH hash data paths yields a throughput of 79.2 Gbps with only 3840 FPGA 
slices when implemented on a Xilinx FPGA. 

Abstract: A digital certificate includes framing characters defining a protected area. The protected 
area contains a selected set of components, including text-based components and 
binary-based components, and the certificate serves as a transport container for such 
components. A message digest or hashing algorithm applied to the protected area 
provides consistent results despite modifications to the certificate outside the protected 
area. A digital signature provides authentication of source and content integrity. Digital 
certificates under the present invention may be applied to a variety of purposes 
including but not limited to proof of ownership, gift certificates, upgrade purchases, and 
other applications where verification of source and content integrity are desirable. 

The work of the Open Systems Environment Implementors Workshop (OIW) has 
resulted in an updated set of stable implementors agreements for open 
systems security in the US. 

Part 12 of the "Stable Implementation Agreements for Open Systems Security" 
provides a framework for the development of protocol-specific security 
profiles. It covers distributed information processing in OSI application 
environments which are heterogeneous in terms of technology and 
administration. 

The relationship between protocols and security is accomplished by 
developing a security profile that binds these areas together. Security 
profiles define protocol-specific implementations of security architectures 
by specifying a grouping of the security services to be offered, the 
placement of those services and the selection of the mechanisms to support 
them. 

...Security Classes 

The OIW Agreements define a set of security classes to provide a 
framework on which to build security profiles. Each class specifies the 
required security services in a generic form and for each application 
profile, one or more specific security services are chosen for each class. 

The classes are organized into two similar hierarchies as shown in the 
table below. Each level of each hierarchy is a superset of the security 
services required of the immediately preceding level. 

For each level in the hierarchies the same set of security services 
are required, except that one hierarchy includes confidentiality services. 

Each level of the confidentiality hierarchy is a superset of the other 
hierarchy at the same level. So for example, S0 = authentication + access 
control and S0A = S0 + confidentiality. 

Also included is a list (or register) of security algorithms which 
implementors can choose from for product development for open systems 
security. This list includes the following types of algorithm: 

* Message digests/Hash Algorithms (e.g. MD4, MD5, SHA) 

These algorithms compute a fixed size digest (or hashed total) of a message. 

* Reversible public-key algorithms (e.g. RSA) 

These algorithms are known as asymmetric key algorithms: separate 
keys are used for encryption and decryption. These algorithms can be used 
to provide both confidentiality and authentication/integrity (e.g. digital 
signatures). They are also an ideal class of algorithm for the secure 
distribution of cryptographic keys especially for highly distributed 
systems. 

* Irreversible public-key algorithms (e.g. Digital Signature 
Algorithm - DSA or El Gamal) 

This class of algorithms is not reversible; hence different algorithms 
are used for confidentiality and authenticity. Some of them have been 
designed to provide signature functionality only. They also use two keys 
like the reversible public-key algorithms. 

* Key Exchange (e.g. Diffie-Hellman) 

The list contains a number of commonly-used key exchange mechanisms. 
These are used to agree upon and exchange some shared (secret) information 
which may be used to compute some common value that can typically be used 
as a cryptographic key. 

* Signature algorithm combinations (e.g. RSA with MD4, DSA 
with SHA) 

The list has a number of appropriate digital signature/hash algorithm 
combinations that are used in practice. 

* Symmetric-key algorithms (e.g. DES, RC2, RC4) 

The list contains a number of symmetric-key encryption algorithms. 
Unlike the reversible public-key algorithms, they only use a single key. 
Consequently, they provide a confidentiality capability but not a digital 
signature capability. 

...OSI Upper Layers Security 

The latest version of the stable agreements addresses the provision of 
security services in the upper layers of the OSI model through the use of a 
number of currently existing mechanism standards. These include the use of 
a number of Peer Entity Authentication Mechanisms: 

-- ACSE (Association Control Service Element) authentication to 
support two-way authentication. 

-- The Directory System Authentication Framework (X.509) for 
simple and strong authentication 

-- Other external mechanisms to support authentication services 
such as Kerberos V5.0 

There are also Data Origin Authentication/Integrity Transformations 
like GULS (Generic Upper Layer Security) for encryption, sealing and 
signing data. 

...Network management services 

The approach to providing security services for OSI Network Management 
takes into consideration the need for different levels of security services 
within different network management domains, and the near-term requirement 
for interoperability of network management entities over heterogeneous 
network types. 

The prime threats to OSI Network Management in this respect are: 
* the masquerading of a manager or agent entity 
* the fabrication or modification of Common Management Information Protocol (CMIP) data units 

Other threats of secondary concern include: the disclosure of CMIP 
data units; and the replay, reordering, insertion or deletion of CMIP data 
units. 

The agreements go on to define a set of basic services and a set of 
enhanced services to counter these threats. 

Basic services include peer entity authentication, data origin 
authentication and connectionless integrity. Enhanced services embrace 
connectionless confidentiality and connection-oriented integrity with or 
without recovery. 

Abstract: Public key cryptography, a technology that has been used by certain sectors 
of the US government for over a decade, can be used by network managers for both 
business and security applications. Public Key Infrastructures (PKIs) are already 
available from the suppliers of Internet browsers and servers. These can be used to 
address such business concerns as secure Web-based applications while corporate 
passwords are expected to be replaced by digital certificates. 

Abstract: The National Institute of Standards and Technology (NIST) introduced a 
newly developed Digital Signature Algorithm (DSA) as the public encryption 
standard. The Digital Signature standard proposed specifies a Digital 
Signature Algorithm appropriate for applications requiring a digital rather 
than written signature. The DSA digital signature is a pair of large 
numbers represented in a computer as strings of binary digits. The 
digital signature is computed using a set of rules and a set of 
parameters, enabling it to be used to verify the identity of the originator 
and the integrity of the data. NIST's proposal is only for a public key 
signature system. There are no specifications for privacy or the exchange 
of secret keys. NIST is working to resolve the negative comments about the 
standard and is investigating a national infrastructure that will support 
digital signature applications in a cost-effective manner. 